Technology & IT May 16, 2026

THORChain Unveils Recovery Portal After $10 Million Exploit Impacting Thousands

By Abdus Salam

In a significant breach of security, THORChain has confirmed a $10 million exploit, impacting 12,847 wallets across multiple blockchain platforms, including Bitcoin (BTC), Ethereum (ETH), Binance Smart Chain (BNB), and Base. In response to this incident, the decentralized finance (DeFi) protocol has launched a comprehensive recovery portal, affording affected users the opportunity to reclaim their lost funds.

On May 13, THORChain Foundation announced via its official X account that the recovery portal is now operational. This portal allows users to nullify malicious token approvals and file for refunds backed by a treasury-reserved refund pool that matches the amount lost in the exploit. "Affected users are now able to check what they will be compensated following the exploit," the statement read.

Details of the Exploit

The attack was identified on May 11 at 02:14 UTC, when node operators noticed an unusual flurry of outbound transactions; trading and outbound signing were paused just eight minutes later. The attackers managed to siphon off 36.75 BTC, valued at around $3 million, in addition to approximately $7 million in various tokens from the affected chains.

Understanding the Vulnerability

THORChain pointed to a potential exploitation of the GG20 threshold signature scheme (TSS) as the primary vector for the breach: sensitive vault key data was inadvertently exposed over time, and the accumulated material allowed the attackers to reconstruct the vault's private key and sign unauthorized transactions.

Notably, a new node had entered the network just days prior to the hack, raising suspicions of its involvement. On-chain analyses reveal connections between the bonding addresses of this node and the wallets that received the illicitly obtained funds. Current efforts by THORChain's treasury are focused on gathering forensic evidence in collaboration with Outrider Analytics and relevant law enforcement agencies to identify and apprehend the perpetrator.

Claims Process for Affected Users

Affected users have until June 4 to submit their claims via the recovery portal. Any allocations that remain unclaimed after this deadline will go to THORChain's insurance fund. The protocol's response comes amid a troubling trend of hacks within the cryptocurrency landscape, with 2025 witnessing a staggering $1.47 billion in losses, highlighting an urgent need for enhanced security measures.

The THORChain exploit underscores the evolving risks in decentralized finance, where attacks increasingly leverage sophisticated methods rather than merely targeting vulnerabilities in smart contracts. The security landscape remains volatile, emphasizing the necessity for heightened vigilance and robust safeguards across the sector.

For ongoing updates and detailed information about the recovery process, affected users are advised to monitor official THORChain communications.

Source: CoinTelegraph - Cryptocurrency & Web3